include "common.php";
$login = $_COOKIE['human'];
dbopen();
authenticate($login);
$folderid = $_GET['id'];
if ($folderid != '') {
dbopen();
$sql = "select foldername,folderinfo,login from folder,user where folderid = $folderid and folderowner = uid";
$res = mysql_query($sql);
$foldername = '';
$folderinfo = '';
if ($res) {
$foldername = mysql_result($res,0,'foldername') ;
$folderinfo = mysql_result($res,0,'folderinfo');
$folderowner = mysql_result($res,0,'login');
if ($login != $folderowner) {
logit('ACCESSVIOLATION',"unauthorized update of folder $folderid by $login");
error_page("You are not authorized to update this folder.
");
$folderid = 0;
}
}
} else { $folderid = 0; }
?>